lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 10 Apr 2020 11:11:04 -0700
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     Randy Dunlap <rdunlap@...radead.org>
Cc:     Stephen Rothwell <sfr@...b.auug.org.au>,
        Linux Next Mailing List <linux-next@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Rasmus Villemoes <linux@...musvillemoes.dk>
Subject: Re: linux-next: Tree for Apr 10 (lib/test_printf.ko)

On Fri, Apr 10, 2020 at 9:35 AM Randy Dunlap <rdunlap@...radead.org> wrote:
>
> KASAN detects a use-after-free in _raw_spin_lock_irqsave while
> running lib/test_printf.ko.

Btw, can you run these kinds of reports through scripts/decode_stacktrace.sh?

If you have debug info in your build, it will give much more
meaningful backtraces with file names and line numbers (and points to
inlining decisions etc too)

(For individual symbols, use scripts/faddr2line, but the
decode_stacktrace script does them all in one go).

I wonder if these scripts aren't well enough known, I see a lot of raw
dumps that could be immensely improved with a little scripting - but
they need the original vmlinux binary with debug info, so you can't do
it after-the-fact somewhere else..

                Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ